CVE-2026-4096
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
IBM DevOps Plan versions 3.0.0 through 3.0.6 is vulnerable to HTTP header injection due to improper validation of input in the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.
Risk Assessment
This vulnerability poses a risk to organizations by allowing attackers to carry out serious attacks that could lead to data theft or compromise of system integrity.
Recommendation
It is recommended to update IBM DevOps Plan to the latest version to mitigate this vulnerability and implement additional security measures such as proper validation of HTTP headers.
Original NVD description (English source)
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

